What is cyber security?
The ITU defines cyber-security as “the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets”
The Internet Society (ISOC) has pointed that cyber-security is “a catchword” that is “frighteningly inexact and can stand for an almost endless list of different security concerns, technical challenges, and “solutions” ranging from the technical to the legislative.
How Cyber-security is addressed at National Level?
Cyber-security involves helping protect the data that you simply, me, governments, businesses, et al. keep online or in cyberspace, including communications (email, video messaging), finances (credit card information on websites like Amazon or the account numbers and data you employ for e-banking), personal data (social security number, medical records on healthcare website), military secrets, and far more. Cyber incidents can even cause physical damage to critical infrastructure and networks as evidenced by the Stuxnet malware discovered in 2010 that targeted and destroyed a number of centrifuges at the Natanz nuclear facility in Iran.
It is under this backdrop that cyber-security threats and therefore the risk of cyber attacks that would leak confidential military secrets or damage a country’s economic/ political infrastructure have garnered large attention not even as an Internet-related issue, but also as a national security issue. Other samples of national security threats throughout the planet include nuclear weapons proliferation and war.
US, Russia, Japan, Kenya, European Union countries, are among the various countries that have declared the problem of cyber-security, and specifically, cyber-attacks against their governments and citizens as a national security threat and developed national cyber-security strategies or initiatives. This type of initiative for cyber-security normally outlines the country’s priority goals, concerns, set of principles or norms, and actions to be taken related to cyber-security.
Cyber-security at the International level
At the global organization level, the problem of cyber-security first came to the UN’s agenda when the Russia introduced a draft resolution within the First Committee of the UN General Assembly that was later adopted in 1998. Since 2010, three Groups of Governmental Experts (GCEs) are tasked by the UN General Assembly to research and report on existing and potential threats to cyber-security and proposals on the way to address them. In the reports of the year 2010, 2011 and 2012/2013 reports, GCEs concluded, amongst a variety of things, that there is an increased need for “international cooperation against threats within the universe of ICT security” with input from civil society and therefore the private sector, but also emphasized that “State efforts to deal with the safety of ICTs must go hand-in-hand with respect for human rights and fundamental freedoms set forth within the Universal Declaration of Human Rights and other international instruments.” In 2014, the UN adopted a replacement resolution on cyber-security.
Why cyber-security is a human rights issue
Using the FOC definition of cyber-security as a basis, it’s easy to ascertain how threats to cyber-security – or cyber insecurity – are often human rights violations.
The denial of availability of data and its underlying infrastructure, within the sort of network shutdowns, violates a good range of rights, including by unduly restricting access to information and therefore the ability of individuals to precise themselves, peacefully assemble and associate, also as enjoy a variety of economic, social and cultural rights. In 2018, 196 internet shutdowns were recorded in 68 countries across the world.
There are a large number of examples are there in which confidentiality of data has been compromised,
Either through the data breaches for economic gain, mass government surveillance, or targeted attacks on human rights defenders or journalists, in violation of the proper to privacy, among other rights. leaks related to the confidentiality of communications through surveillance are linked to severe human rights violations, like detention, torture, and extrajudicial killings.
Human Rights concerns about Cyber security
Though some domestic and international laws plan to address human rights considerations in forming cyber security standards, the negative impact on human rights caused by overarching and broad cyber security laws and principles has become apparent to civil society advocates et al.
When talking about human rights, we are mostly pertaining to those rights guaranteed under the United Nations’ Universal Declaration of Human Rights (UDHR) and therefore the International Covenant on Civil and Political Rights (ICCPR), including freedom of expression, freedom of speech, the proper to privacy, freedom of opinion, and freedom of association as a number of the foremost basic rights of all humans. In response to the creation of the web as a replacement platform for expressing basic human rights, the UN Special Reporter on Freedom of Opinion and Expression and free expression reporters from Europe, Latin America, and Africa signed a joint declaration confirming that “freedom of expression applies to the Internet” in 2011. In July 2012 the UN Human Rights Council further confirmed that “the same rights that folks have offline must even be protected online,” thus making the formerly mentioned human rights declarations of UDHR, ICCPR applicable to the web.
A number of cyber security laws and measures that are taken by individual countries could have a negative impact on online speech and freedom of expression by directly infringing upon such rights or creating a chilling effect on the will of individuals to precise their rights. The Anti-Cyber Crime Law of Saudi Arabia and its vague clause on “protection of public interest, morals, and customary values”, are wont to clamp down on online speech and freedom of expression by imprisoning bloggers et al. for voicing different opinions, insulting public officials, or supporting forces aside from the govt, in power. In 2012, the Philippines approved the Cyber Crime Prevention Act that addressed legitimate cyber security concerns, but also criminalized libel. Though the supply on libel was eventually dropped the subsequent year, its original intentions were enough to stress Filipino activists and lawmakers into drafting a bill called Magna Carta for Philippine Internet Freedom in direct opposition to the law. Additionally, to cyber security laws developed by governments, firewalls developed by IT businesses and corporations (with government support) are often wont to block specific websites and content, resulting in online censorship.
While state-based agencies and actors have control and access to the web and its data, some have claimed that checks and balances are needed, like oversight committees, international laws, and internationally prescribed definitions for keywords.
Putting cyber security on the rights track
In order to safeguard human rights during this digital age, it’s time to start out treating cyber security as a person’s rights offering.
First, there’s the need to change the view that human rights are an obstacle to security.
Second, it’s critical to use human rights-based approaches to cyber security laws, policies, and practices. The danger of cyber insecurity should never be a second hand a pretext to violate human rights. Instead, finding that individual and peace is at the centre of cyber security means protection for human rights should be at the core of the development of cyber security policy. At the international level, it’s imperative to root deliberations on cyber security in international human rights law. the liberty Online Coalition “Internet Free and Secure” working party developed a group of cyber security and human rights-focused policy recommendations towards ensuring that cyber security policies and practices are based upon and fully according to human rights – effectively, that cyber security policies and practices are rights-respecting intentionally.
Third, companies should respect human rights, and governments should hold them to take it into account.
Fourth, cyber security processes got to be multi-stakeholder and inclusive, also as multidisciplinary, merged with the combination of human rights and technical expertise.
Digital technologies make new and unforeseen challenges to human rights and security, which can require more documentation, research, and analysis. Until cyber security and human rights are understood and treated as mutually reinforcing and complementary, both will suffer.